WebVerse
ScanPortal
ScanPortal runs nmap safely — but every target you submit gets written raw to a log file, and the Scan Logs search feature is a different story.
Minatour
WebVerse
Hartwood
Hartwood & Co. has been outfitting 'the discerning hound' since 1924. After a century of selling collars and kibble they finally built a website. The dev who built it left a test order in the live database that was never deleted.
WebVerse
SunnySide
SunnySide Daycare's personalised confirmation page was built by a parent volunteer who picked the shortest Stack Overflow answer for rendering names. That answer used a template engine.
WebVerse
WindRose
WindRose Jet Charter's fleet browser was wired up by a contractor named Hugh during the 2014 rebrand and never revisited. Hugh's email address still bounces.
WebVerse
Brightside
Brightside Dental's support form happily accepts a curious-looking attachment. The IT contractor swore everything was fine because the file extension said .jpg. He was technically correct, and entirely wrong.
WebVerse
Parchive
Parchive's document archiving platform lets legal teams bundle case files into compressed archives. The archive name field has a filter — but it's missing a few characters.
WebVerse
LogCraft
LogCraft's health report generator accepts a custom title and shells out to produce the output. Double quotes are stripped — but that's not enough.
WebVerse
Netcheck
Netcheck's network diagnostics tool lets customers run live connectivity checks from Netcheck's own servers. What else can you make it run?
WebVerse
Kismet
A matchmaker's bio editor only allows six tags. One of them has a surprise.
WebVerse
Fieldnote
A research tool checks that shared URLs 'contain http'. They really ought to check more.
WebVerse
DroneFleet Ops
DroneFleet's callsign search pipes raw user input into a MongoDB-style $regex match. The results panel shows a match count but nothing else — until the regex helps you exfil.
WebVerse
Parasite
Parasite Systems' server management dashboard. Their configuration import feature might be more powerful than intended.